http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java ---------------------------------------------------------------------- diff --git a/authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java b/authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java new file mode 100644 index 0000000..8b27e2e --- /dev/null +++ b/authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java @@ -0,0 +1,208 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.atlas.authorize.simple; + +import java.util.ArrayList; +import java.util.HashSet; +import java.util.List; +import java.util.Set; +import java.util.Map; + +import org.apache.atlas.authorize.*; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.testng.AssertJUnit; +import org.testng.annotations.Test; + +public class SimpleAtlasAuthorizerTest { + + private static Logger LOG = LoggerFactory + .getLogger(SimpleAtlasAuthorizerTest.class); + + @Test + public void testAccessAllowedForUserAndGroup() { + + Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null; + Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null; + List<String> policies = new ArrayList<String>(); + policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:*abc,type:PII"); + + List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies); + PolicyUtil policyUtil = new PolicyUtil(); + // group read map + groupReadMap = policyUtil.createPermissionMap(policyDefs, + AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.GROUP); + // creating user readMap + userReadMap = policyUtil.createPermissionMap(policyDefs, + AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.USER); + + Set<AtlasResourceTypes> resourceType = new HashSet<AtlasResourceTypes>(); + resourceType.add(AtlasResourceTypes.TYPE); + String resource = "xsdfhjabc"; + AtlasActionTypes action = AtlasActionTypes.READ; + String user = "usr1"; + + Set<String> userGroups = new HashSet<String>(); + userGroups.add("grp3"); + try { + AtlasAccessRequest request = new AtlasAccessRequest(resourceType, + resource, action, user, userGroups); + SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory + .getAtlasAuthorizer(); + + authorizer + .setResourcesForTesting(userReadMap, groupReadMap, action); + + boolean isAccessAllowed = authorizer.isAccessAllowed(request); + // getUserReadMap + AssertJUnit.assertEquals(true, isAccessAllowed); + } catch (AtlasAuthorizationException e) { + if (LOG.isErrorEnabled()) { + LOG.error("AtlasAuthorizationException in Unit Test", e); + } + } + + } + + @Test + public void testAccessAllowedForGroup() { + + Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null; + Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null; + List<String> policies = new ArrayList<String>(); + policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII"); + + List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies); + PolicyUtil policyUtil = new PolicyUtil(); + // creating group read map + groupReadMap = policyUtil.createPermissionMap(policyDefs, + AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.GROUP); + // creating user readMap + userReadMap = policyUtil.createPermissionMap(policyDefs, + AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.USER); + + Set<AtlasResourceTypes> resourceType = new HashSet<AtlasResourceTypes>(); + resourceType.add(AtlasResourceTypes.TYPE); + String resource = "PII"; + AtlasActionTypes action = AtlasActionTypes.READ; + String user = "usr3"; + Set<String> userGroups = new HashSet<String>(); + userGroups.add("grp1"); + AtlasAccessRequest request = new AtlasAccessRequest(resourceType, + resource, action, user, userGroups); + try { + SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory + .getAtlasAuthorizer(); + authorizer + .setResourcesForTesting(userReadMap, groupReadMap, action); + + boolean isAccessAllowed = authorizer.isAccessAllowed(request); + AssertJUnit.assertEquals(true, isAccessAllowed); + } catch (AtlasAuthorizationException e) { + if (LOG.isErrorEnabled()) { + LOG.error("AtlasAuthorizationException in Unit Test", e); + } + + } + + } + + @Test + public void testResourceNotAvailableInPolicy() { + + Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null; + Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null; + List<String> policies = new ArrayList<String>(); + policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII"); + + List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies); + PolicyUtil policyUtil = new PolicyUtil(); + // group read map + groupReadMap = policyUtil.createPermissionMap(policyDefs, + AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.GROUP); + // creating user readMap + userReadMap = policyUtil.createPermissionMap(policyDefs, + AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.USER); + + Set<AtlasResourceTypes> resourceType = new HashSet<AtlasResourceTypes>(); + resourceType.add(AtlasResourceTypes.TYPE); + String resource = "abc"; + AtlasActionTypes action = AtlasActionTypes.READ; + String user = "usr1"; + Set<String> userGroups = new HashSet<String>(); + userGroups.add("grp1"); + AtlasAccessRequest request = new AtlasAccessRequest(resourceType, + resource, action, user, userGroups); + try { + SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory + .getAtlasAuthorizer(); + authorizer + .setResourcesForTesting(userReadMap, groupReadMap, action); + + boolean isAccessAllowed = authorizer.isAccessAllowed(request); + AssertJUnit.assertEquals(false, isAccessAllowed); + } catch (AtlasAuthorizationException e) { + if (LOG.isErrorEnabled()) { + LOG.error("AtlasAuthorizationException in Unit Test", e); + } + } + + } + + @Test + public void testAccessNotAllowedForUserAndGroup() { + + Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null; + Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null; + List<String> policies = new ArrayList<String>(); + policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII"); + + List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies); + PolicyUtil policyUtil = new PolicyUtil(); + // group read map + groupReadMap = policyUtil.createPermissionMap(policyDefs, + AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.GROUP); + // creating user readMap + userReadMap = policyUtil.createPermissionMap(policyDefs, + AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.USER); + + Set<AtlasResourceTypes> resourceType = new HashSet<AtlasResourceTypes>(); + resourceType.add(AtlasResourceTypes.TYPE); + String resource = "PII"; + AtlasActionTypes action = AtlasActionTypes.READ; + String user = "usr3"; + Set<String> userGroups = new HashSet<String>(); + userGroups.add("grp3"); + AtlasAccessRequest request = new AtlasAccessRequest(resourceType, + resource, action, user, userGroups); + try { + SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory + .getAtlasAuthorizer(); + authorizer + .setResourcesForTesting(userReadMap, groupReadMap, action); + + boolean isAccessAllowed = authorizer.isAccessAllowed(request); + AssertJUnit.assertEquals(false, isAccessAllowed); + } catch (AtlasAuthorizationException e) { + if (LOG.isErrorEnabled()) { + LOG.error("AtlasAuthorizationException in Unit Test", e); + } + } + + } + +}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/common/pom.xml ---------------------------------------------------------------------- diff --git a/common/pom.xml b/common/pom.xml index 614b3f6..ba1210a 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -56,5 +56,11 @@ <artifactId>mockito-all</artifactId> </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-beans</artifactId> + <version>${spring.version}</version> + </dependency> + </dependencies> </project> http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/common/src/main/java/org/apache/atlas/utils/PropertiesUtil.java ---------------------------------------------------------------------- diff --git a/common/src/main/java/org/apache/atlas/utils/PropertiesUtil.java b/common/src/main/java/org/apache/atlas/utils/PropertiesUtil.java new file mode 100644 index 0000000..43569c4 --- /dev/null +++ b/common/src/main/java/org/apache/atlas/utils/PropertiesUtil.java @@ -0,0 +1,137 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.atlas.utils; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import org.apache.log4j.Logger; +import org.springframework.beans.factory.config.ConfigurableListableBeanFactory; +import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer; + +/** + * Util class for Properties. + */ +public final class PropertiesUtil extends PropertyPlaceholderConfigurer { + private static Map<String, String> propertiesMap = new HashMap<String, String>(); + private static Logger logger = Logger.getLogger(PropertiesUtil.class); + protected List<String> xmlPropertyConfigurer = new ArrayList<String>(); + + private PropertiesUtil() { + + } + + @Override + protected void processProperties(ConfigurableListableBeanFactory beanFactory, Properties props) { + + Properties sysProps = System.getProperties(); + if (sysProps != null) { + for (String key : sysProps.stringPropertyNames()) { + String value = sysProps.getProperty(key); + if (value != null) { + value = value.trim(); + } + propertiesMap.put(key, value); + } + } + + if (props != null) { + for (String key : props.stringPropertyNames()) { + String value = props.getProperty(key); + if (value != null) { + value = value.trim(); + } + propertiesMap.put(key, value); + } + } + + super.processProperties(beanFactory, props); + } + + public static String getProperty(String key, String defaultValue) { + if (key == null) { + return null; + } + String rtrnVal = propertiesMap.get(key); + if (rtrnVal == null) { + rtrnVal = defaultValue; + } + return rtrnVal; + } + + public static String getProperty(String key) { + if (key == null) { + return null; + } + return propertiesMap.get(key); + } + + public static String[] getPropertyStringList(String key) { + if (key == null) { + return null; + } + String value = propertiesMap.get(key); + if (value != null) { + String[] splitValues = value.split(","); + String[] returnValues = new String[splitValues.length]; + for (int i = 0; i < splitValues.length; i++) { + returnValues[i] = splitValues[i].trim(); + } + return returnValues; + } else { + return new String[0]; + } + } + + public static Integer getIntProperty(String key, int defaultValue) { + if (key == null) { + return null; + } + String rtrnVal = propertiesMap.get(key); + if (rtrnVal == null) { + return defaultValue; + } + return Integer.valueOf(rtrnVal); + } + + public static Integer getIntProperty(String key) { + if (key == null) { + return null; + } + String rtrnVal = propertiesMap.get(key); + if (rtrnVal == null) { + return null; + } + return Integer.valueOf(rtrnVal); + } + + public static boolean getBooleanProperty(String key, boolean defaultValue) { + if (key == null) { + return defaultValue; + } + String value = getProperty(key); + if (value == null) { + return defaultValue; + } + return Boolean.parseBoolean(value); + } +} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/common/src/main/java/org/apache/atlas/utils/XMLPropertiesUtil.java ---------------------------------------------------------------------- diff --git a/common/src/main/java/org/apache/atlas/utils/XMLPropertiesUtil.java b/common/src/main/java/org/apache/atlas/utils/XMLPropertiesUtil.java new file mode 100644 index 0000000..fee5371 --- /dev/null +++ b/common/src/main/java/org/apache/atlas/utils/XMLPropertiesUtil.java @@ -0,0 +1,85 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.atlas.utils; + +import java.io.IOException; +import java.io.InputStream; +import java.util.Properties; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +import org.apache.log4j.Logger; +import org.springframework.util.DefaultPropertiesPersister; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +/** + * Util class for XMLProperties. + */ +public class XMLPropertiesUtil extends DefaultPropertiesPersister { + private static Logger logger = Logger.getLogger(XMLPropertiesUtil.class); + + public XMLPropertiesUtil() { + } + + @Override + public void loadFromXml(Properties properties, InputStream inputStream) throws IOException { + try { + DocumentBuilderFactory xmlDocumentBuilderFactory = DocumentBuilderFactory + .newInstance(); + xmlDocumentBuilderFactory.setIgnoringComments(true); + xmlDocumentBuilderFactory.setNamespaceAware(true); + DocumentBuilder xmlDocumentBuilder = xmlDocumentBuilderFactory + .newDocumentBuilder(); + Document xmlDocument = xmlDocumentBuilder.parse(inputStream); + xmlDocument.getDocumentElement().normalize(); + + NodeList nList = xmlDocument.getElementsByTagName("property"); + + for (int temp = 0; temp < nList.getLength(); temp++) { + + Node nNode = nList.item(temp); + + if (nNode.getNodeType() == Node.ELEMENT_NODE) { + + Element eElement = (Element) nNode; + + String propertyName = ""; + String propertyValue = ""; + if (eElement.getElementsByTagName("name").item(0) != null) { + propertyName = eElement.getElementsByTagName("name") + .item(0).getTextContent().trim(); + } + if (eElement.getElementsByTagName("value").item(0) != null) { + propertyValue = eElement.getElementsByTagName("value") + .item(0).getTextContent().trim(); + } + + properties.put(propertyName, propertyValue); + + } + } + } catch (Exception e) { + logger.error("Error loading : ", e); + } + } + +} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/distro/src/conf/atlas-application.properties ---------------------------------------------------------------------- diff --git a/distro/src/conf/atlas-application.properties b/distro/src/conf/atlas-application.properties index e2082ef..d1deae4 100755 --- a/distro/src/conf/atlas-application.properties +++ b/distro/src/conf/atlas-application.properties @@ -127,3 +127,6 @@ atlas.auth.policy.file=${sys:atlas.home}/conf/policy-store.txt # org.apache.atlas.typesystem.types.cache.ITypeCacheProvider. # The default is DefaultTypeCacheProvider which is a local in-memory type cache. #atlas.typesystem.cache.provider= + +#########authorizer impl class ######### +atlas.authorizer.impl=SIMPLE http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/distro/src/conf/policy-store.txt ---------------------------------------------------------------------- diff --git a/distro/src/conf/policy-store.txt b/distro/src/conf/policy-store.txt index 5bcc1cf..339f014 100644 --- a/distro/src/conf/policy-store.txt +++ b/distro/src/conf/policy-store.txt @@ -3,7 +3,5 @@ ##Policy_Name;;User_Name1:Operations_Allowed,User_Name2:Operations_Allowed;;Group_Name1:Operations_Allowed,Group_Name2:Operations_Allowed;;Resource_Type1:Resource_Name,Resource_Type2:Resource_Name ## adminPolicy;;admin:rwud;;ROLE_ADMIN:rwud;;type:*,entity:*,operation:*,taxonomy:*,term:* -typeReadPolicy;;nixon:rw;;;;type:*,entity:*,taxonomy:*,term:* -classReadPolicy;;saqeeb:r;;;;type:*,entity:*,taxonomy:*,term:* dataScientistPolicy;;;;DATA_SCIENTIST:r;;type:*,entity:*,taxonomy:*,term:* dataStewardPolicy;;;;DATA_STEWARD:rwu;;type:*,entity:*,taxonomy:*,term:* http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/distro/src/conf/users-credentials.properties ---------------------------------------------------------------------- diff --git a/distro/src/conf/users-credentials.properties b/distro/src/conf/users-credentials.properties index 212d018..1758be2 100644 --- a/distro/src/conf/users-credentials.properties +++ b/distro/src/conf/users-credentials.properties @@ -1,4 +1,2 @@ #username=group::sha256-password admin=ADMIN::8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918 -michael=DATA_SCIENTIST::95bfb24de17d285d734b9eaa9109bfe922adc85f20d2e5e66a78bddb4a4ebddb -paul=DATA_STEWARD::e7c0dcf5f8a93e93791e9bac1ae454a691c1d2a902fc4256d489e96c1b9ac68c http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index 685eb7d..98184ae 100755 --- a/pom.xml +++ b/pom.xml @@ -463,16 +463,19 @@ <module>graphdb</module> <module>titan</module> <module>repository</module> + <module>authorization</module> <module>catalog</module> <!-- <module>dashboard</module> --> <module>dashboardv2</module> <module>webapp</module> + <module>docs</module> <module>addons/hdfs-model</module> <module>addons/hive-bridge</module> <module>addons/falcon-bridge</module> <module>addons/sqoop-bridge</module> <module>addons/storm-bridge</module> + <module>distro</module> </modules> http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/release-log.txt ---------------------------------------------------------------------- diff --git a/release-log.txt b/release-log.txt index b28a8fa..554b4ef 100644 --- a/release-log.txt +++ b/release-log.txt @@ -21,6 +21,7 @@ ATLAS-409 Atlas will not import avro tables with schema read from a file (dosset ATLAS-379 Create sqoop and falcon metadata addons (venkatnrangan,bvellanki,sowmyaramesh via shwethags) ALL CHANGES: +ATLAS-495 Atlas Ranger Authorization Plugin (nixonrodrigues via shwethags) ATLAS-805 Quickstart is failing if run after queries to the business taxonomy API (jspeidel via shwethags) ATLAS-774 Better error handling from login.jsp (nixonrodrigues via shwethags) ATLAS-683 Refactor local type-system cache with cache provider interface (vmadugun via shwethags) http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/pom.xml ---------------------------------------------------------------------- diff --git a/webapp/pom.xml b/webapp/pom.xml index 4b67ffa..5b023eb 100755 --- a/webapp/pom.xml +++ b/webapp/pom.xml @@ -89,6 +89,12 @@ <artifactId>atlas-client</artifactId> </dependency> + <dependency> + <groupId>org.apache.atlas</groupId> + <artifactId>atlas-authorization</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> <groupId>org.apache.atlas</groupId> <artifactId>atlas-notification</artifactId> http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java b/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java deleted file mode 100644 index 5db9646..0000000 --- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java +++ /dev/null @@ -1,117 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.atlas.authorize; - -import java.util.Date; -import java.util.List; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class AtlasAccessRequest { - - private static Logger LOG = LoggerFactory.getLogger(AtlasAccessRequest.class); - private static boolean isDebugEnabled = LOG.isDebugEnabled(); - private List<AtlasResourceTypes> resourceType = null; - private String resource = null; - private AtlasActionTypes action = null; - private String user = null; - private List<String> userGroups = null; - private Date accessTime = null; - private String clientIPAddress = null; - - public AtlasAccessRequest(List<AtlasResourceTypes> resourceType, String resource, AtlasActionTypes action, - String user, List<String> userGroups) { - if (isDebugEnabled) { - LOG.debug("<== AtlasAccessRequestImpl-- Initializing AtlasAccessRequest"); - } - setResource(resource); - setAction(action); - setUser(user); - setUserGroups(userGroups); - setResourceType(resourceType); - - // set remaining fields to default value - setAccessTime(null); - setClientIPAddress(null); - } - - public List<AtlasResourceTypes> getResourceTypes() { - return resourceType; - } - - public void setResourceType(List<AtlasResourceTypes> resourceType) { - this.resourceType = resourceType; - } - - public String getResource() { - return resource; - } - - public void setResource(String resource) { - this.resource = resource; - } - - public AtlasActionTypes getAction() { - return action; - } - - public void setAction(AtlasActionTypes action) { - this.action = action; - } - - public String getUser() { - return user; - } - - public void setUser(String user) { - this.user = user; - } - - public void setUserGroups(List<String> userGroups) { - this.userGroups = userGroups; - } - - public List<String> getUserGroups() { - return userGroups; - } - - public Date getAccessTime() { - return accessTime; - } - - public void setAccessTime(Date accessTime) { - this.accessTime = accessTime; - } - - public String getClientIPAddress() { - return clientIPAddress; - } - - public void setClientIPAddress(String clientIPAddress) { - this.clientIPAddress = clientIPAddress; - } - - @Override - public String toString() { - return "AtlasAccessRequest [resourceType=" + resourceType + ", resource=" + resource + ", action=" + action - + ", user=" + user + ", userGroups=" + userGroups + ", accessTime=" + accessTime + ", clientIPAddress=" - + clientIPAddress + "]"; - } - -} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java b/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java deleted file mode 100644 index 5f3827a..0000000 --- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java +++ /dev/null @@ -1,22 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.atlas.authorize; - -public enum AtlasAccessorTypes { - USER, GROUP; -} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java b/webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java deleted file mode 100644 index 13c8b53..0000000 --- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java +++ /dev/null @@ -1,22 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.atlas.authorize; - -public enum AtlasActionTypes { - READ, WRITE, UPDATE, DELETE; -} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java b/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java deleted file mode 100644 index 676c9f9..0000000 --- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java +++ /dev/null @@ -1,40 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.atlas.authorize; - -public class AtlasAuthorizationException extends Exception { - private static final long serialVersionUID = 1L; - - public AtlasAuthorizationException() { - - } - - public AtlasAuthorizationException(String message) { - super(message); - } - - public AtlasAuthorizationException(String message, Throwable exception) { - super(message, exception); - } - - public AtlasAuthorizationException(String message, Throwable exception, boolean enableSuppression, - boolean writableStackTrace) { - super(message, exception, enableSuppression, writableStackTrace); - } -} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java b/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java deleted file mode 100644 index 14a2aac..0000000 --- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java +++ /dev/null @@ -1,149 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.atlas.authorize; - -import java.util.ArrayList; -import java.util.List; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; - -import org.apache.atlas.AtlasClient; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.base.Strings; - -public class AtlasAuthorizationUtils { - private static final Logger LOG = LoggerFactory.getLogger(AtlasAuthorizationUtils.class); - private static boolean isDebugEnabled = LOG.isDebugEnabled(); - private static final String BASE_URL = "/" + AtlasClient.BASE_URI; - - public static String parse(String fullPath, String subPath) { - String api = null; - if (!Strings.isNullOrEmpty(fullPath)) { - api = fullPath.substring(subPath.length(), fullPath.length()); - - } - if (isDebugEnabled) { - LOG.debug("Extracted " + api + " from path : " + fullPath); - } - return api; - } - - public static String getApi(String u) { - if (isDebugEnabled) { - LOG.debug("getApi <=== from " + u); - } - if (u.startsWith(BASE_URL)) { - u = parse(u, BASE_URL); - } else { - // strip of leading '/' - u = u.substring(1); - } - String[] split = u.split("/"); - String api = split[0]; - return (! api.equals("v1")) ? api : String.format("v1/%s", split[1]); - } - - public static AtlasActionTypes getAtlasAction(String method) { - AtlasActionTypes action = null; - - switch (method.toUpperCase()) { - case "POST": - action = AtlasActionTypes.WRITE; - break; - case "GET": - action = AtlasActionTypes.READ; - break; - case "PUT": - action = AtlasActionTypes.UPDATE; - break; - case "DELETE": - action = AtlasActionTypes.DELETE; - break; - default: - if (isDebugEnabled) { - LOG.debug("Invalid HTTP method in request : " + method + " this is serious!!!"); - } - break; - } - - if (isDebugEnabled) { - LOG.debug("==> AtlasAuthorizationFilter getAtlasAction HTTP Method " + method + " mapped to AtlasAction : " - + action); - } - return action; - } - - public static List<AtlasResourceTypes> getAtlasResourceType(String contextPath) throws ServletException { - List<AtlasResourceTypes> resourceTypes = new ArrayList<AtlasResourceTypes>(); - if (isDebugEnabled) { - LOG.debug("getAtlasResourceType <=== for " + contextPath); - } - String api = getApi(contextPath); - - if (api.startsWith("types")) { - resourceTypes.add(AtlasResourceTypes.TYPE); - } else if ((api.startsWith("discovery") && contextPath.contains("gremlin")) || api.startsWith("admin") - || api.startsWith("graph")) { - resourceTypes.add(AtlasResourceTypes.OPERATION); - } else if ((api.startsWith("entities") && contextPath.contains("traits")) || api.startsWith("discovery")) { - resourceTypes.add(AtlasResourceTypes.ENTITY); - resourceTypes.add(AtlasResourceTypes.TYPE); - } else if (api.startsWith("entities") || api.startsWith("lineage")) { - resourceTypes.add(AtlasResourceTypes.ENTITY); - } else if (api.startsWith("v1/taxonomies")) { - resourceTypes.add(AtlasResourceTypes.TAXONOMY); - // taxonomies are modeled as entities - resourceTypes.add(AtlasResourceTypes.ENTITY); - if (contextPath.contains("terms")) { - resourceTypes.add(AtlasResourceTypes.TERM); - // terms are modeled as traits - resourceTypes.add(AtlasResourceTypes.TYPE); - } - } else if (api.startsWith("v1/entities")) { - resourceTypes.add(AtlasResourceTypes.ENTITY); - if (contextPath.contains("tags")) { - // tags are modeled as traits - resourceTypes.add(AtlasResourceTypes.TYPE); - } - } else { - LOG.error("Unable to find Atlas Resource corresponding to : " + api); - throw new ServletException("Unable to find Atlas Resource corresponding to : " + api); - } - - if (isDebugEnabled) { - LOG.debug("Returning AtlasResources " + resourceTypes + " for api " + api); - } - return resourceTypes; - } - - /* - * This implementation will be changed for Resource level Authorization. - */ - public static String getAtlasResource(HttpServletRequest requeset, AtlasActionTypes action) { - if (isDebugEnabled) { - LOG.debug("getAtlasResource <=== " - + "This implementation will be changed for Resource level Authorization."); - } - return "*"; - } - -} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java b/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java deleted file mode 100644 index 7c93c7a..0000000 --- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java +++ /dev/null @@ -1,43 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.atlas.authorize; - - -public interface AtlasAuthorizer { - /** - * This method will load the policy file and would initialize the required data-structures. - */ - public void init(); - - /** - * This method is responsible to perform the actual authorization for every REST API call. It will check the if the - * user:u can perform action:a on resource:r. - * - * @param request - * @return - */ - public boolean isAccessAllowed(AtlasAccessRequest request) throws AtlasAuthorizationException; - - /** - * This method is responsible to perform the cleanup and release activities. It must be called when you are done - * with the Authorization activity and once it's called a restart would be required. Try to invoke this while - * destroying the context. - */ - public void cleanUp(); -} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java b/webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java deleted file mode 100644 index 14a72f1..0000000 --- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java +++ /dev/null @@ -1,23 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.atlas.authorize; - -public enum AtlasResourceTypes { - ENTITY, TYPE, OPERATION, TAXONOMY, TERM; -} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java b/webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java deleted file mode 100644 index 0ee39df..0000000 --- a/webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java +++ /dev/null @@ -1,67 +0,0 @@ -/** Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.atlas.authorize; - -import java.util.List; -import java.util.Map; - -public class PolicyDef { - - private String policyName; - private Map<String, List<AtlasActionTypes>> users; - private Map<String, List<AtlasActionTypes>> groups; - private Map<AtlasResourceTypes, List<String>> resources; - - public String getPolicyName() { - return policyName; - } - - public void setPolicyName(String policyName) { - this.policyName = policyName; - } - - public Map<String, List<AtlasActionTypes>> getUsers() { - return users; - } - - public void setUsers(Map<String, List<AtlasActionTypes>> users) { - this.users = users; - } - - public Map<String, List<AtlasActionTypes>> getGroups() { - return groups; - } - - public void setGroups(Map<String, List<AtlasActionTypes>> groups) { - this.groups = groups; - } - - public Map<AtlasResourceTypes, List<String>> getResources() { - return resources; - } - - public void setResources(Map<AtlasResourceTypes, List<String>> resources) { - this.resources = resources; - } - - @Override - public String toString() { - return "PolicyDef [policyName=" + policyName + ", users=" + users + ", groups=" + groups + ", resources=" - + resources + "]"; - } - -} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java b/webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java deleted file mode 100644 index 51a6dc2..0000000 --- a/webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java +++ /dev/null @@ -1,238 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.atlas.authorize; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.regex.Pattern; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class PolicyParser { - - private static Logger LOG = LoggerFactory.getLogger(PolicyParser.class); - private static boolean isDebugEnabled = LOG.isDebugEnabled(); - public static final int POLICYNAME = 0; - - public static final int USER_INDEX = 1; - public static final int USERNAME = 0; - public static final int USER_AUTHORITIES = 1; - - public static final int GROUP_INDEX = 2; - public static final int GROUPNAME = 0; - public static final int GROUP_AUTHORITIES = 1; - - public static final int RESOURCE_INDEX = 3; - public static final int RESOURCE_TYPE = 0; - public static final int RESOURCE_NAME = 1; - - private List<AtlasActionTypes> getListOfAutorities(String auth) { - if (isDebugEnabled) { - LOG.debug("<== PolicyParser getListOfAutorities"); - } - List<AtlasActionTypes> authorities = new ArrayList<AtlasActionTypes>(); - - for (int i = 0; i < auth.length(); i++) { - char access = auth.toLowerCase().charAt(i); - switch (access) { - case 'r': - authorities.add(AtlasActionTypes.READ); - break; - case 'w': - authorities.add(AtlasActionTypes.WRITE); - break; - case 'u': - authorities.add(AtlasActionTypes.UPDATE); - break; - case 'd': - authorities.add(AtlasActionTypes.DELETE); - break; - - default: - if (LOG.isErrorEnabled()) { - LOG.error("Invalid Action"); - } - break; - } - } - if (isDebugEnabled) { - LOG.debug("==> PolicyParser getListOfAutorities"); - } - return authorities; - } - - public List<PolicyDef> parsePolicies(List<String> policies) { - if (isDebugEnabled) { - LOG.debug("<== PolicyParser parsePolicies"); - } - List<PolicyDef> policyDefs = new ArrayList<PolicyDef>(); - for (String policy : policies) { - PolicyDef policyDef = parsePolicy(policy); - policyDefs.add(policyDef); - } - if (isDebugEnabled) { - LOG.debug("==> PolicyParser parsePolicies"); - LOG.debug(policyDefs.toString()); - } - return policyDefs; - } - - private PolicyDef parsePolicy(String data) { - if (isDebugEnabled) { - LOG.debug("<== PolicyParser parsePolicy"); - } - PolicyDef def = new PolicyDef(); - String[] props = data.split(";;"); - def.setPolicyName(props[POLICYNAME]); - parseUsers(props[USER_INDEX], def); - parseGroups(props[GROUP_INDEX], def); - parseResources(props[RESOURCE_INDEX], def); - if (isDebugEnabled) { - LOG.debug("policy successfully parsed!!!"); - LOG.debug("==> PolicyParser parsePolicy"); - } - return def; - } - - private boolean validateEntity(String entity) { - if (isDebugEnabled) { - LOG.debug("<== PolicyParser validateEntity"); - } - boolean isValidEntity = Pattern.matches("(.+:.+)+", entity); - boolean isEmpty = entity.isEmpty(); - if (isValidEntity == false || isEmpty == true) { - if (isDebugEnabled) { - LOG.debug("group/user/resource not properly define in Policy"); - LOG.debug("==> PolicyParser validateEntity"); - } - return false; - } else { - if (isDebugEnabled) { - LOG.debug("==> PolicyParser validateEntity"); - } - return true; - } - - } - - private void parseUsers(String usersDef, PolicyDef def) { - if (isDebugEnabled) { - LOG.debug("<== PolicyParser parseUsers"); - } - String[] users = usersDef.split(","); - String[] userAndRole = null; - Map<String, List<AtlasActionTypes>> usersMap = new HashMap<String, List<AtlasActionTypes>>(); - if (validateEntity(usersDef)) { - for (String user : users) { - if (!Pattern.matches("(.+:.+)+", user)) { - continue; - } - userAndRole = user.split(":"); - if (def.getUsers() != null) { - usersMap = def.getUsers(); - } - List<AtlasActionTypes> userAutorities = usersMap.get(userAndRole[USERNAME]); - if (userAutorities == null) { - - userAutorities = new ArrayList<AtlasActionTypes>(); - } - userAutorities = getListOfAutorities(userAndRole[USER_AUTHORITIES]); - usersMap.put(userAndRole[USERNAME], userAutorities); - def.setUsers(usersMap); - } - - } else { - def.setUsers(usersMap); - } - if (isDebugEnabled) { - LOG.debug("==> PolicyParser parseUsers"); - } - } - - private void parseGroups(String groupsDef, PolicyDef def) { - if (isDebugEnabled) { - LOG.debug("<== PolicyParser parseGroups"); - } - String[] groups = groupsDef.split("\\,"); - String[] groupAndRole = null; - Map<String, List<AtlasActionTypes>> groupsMap = new HashMap<String, List<AtlasActionTypes>>(); - if (validateEntity(groupsDef.trim())) { - for (String group : groups) { - if (!Pattern.matches("(.+:.+)+", group)) { - continue; - } - groupAndRole = group.split("[:]"); - if (def.getGroups() != null) { - groupsMap = def.getGroups(); - } - List<AtlasActionTypes> groupAutorities = groupsMap.get(groupAndRole[GROUPNAME]); - if (groupAutorities == null) { - groupAutorities = new ArrayList<AtlasActionTypes>(); - } - groupAutorities = getListOfAutorities(groupAndRole[GROUP_AUTHORITIES]); - groupsMap.put(groupAndRole[GROUPNAME], groupAutorities); - def.setGroups(groupsMap); - } - - } else { - def.setGroups(groupsMap); - } - if (isDebugEnabled) { - LOG.debug("==> PolicyParser parseGroups"); - } - - } - - private void parseResources(String resourceDef, PolicyDef def) { - if (isDebugEnabled) { - LOG.debug("<== PolicyParser parseResources"); - } - String[] resources = resourceDef.split(","); - String[] resourceTypeAndName = null; - Map<AtlasResourceTypes, List<String>> resourcesMap = new HashMap<AtlasResourceTypes, List<String>>(); - if (validateEntity(resourceDef)) { - for (String resource : resources) { - if (!Pattern.matches("(.+:.+)+", resource)) { - continue; - } - resourceTypeAndName = resource.split("[:]"); - if (def.getResources() != null) { - resourcesMap = def.getResources(); - } - AtlasResourceTypes resourceType = - AtlasResourceTypes.valueOf(resourceTypeAndName[RESOURCE_TYPE].toUpperCase()); - List<String> resourceList = resourcesMap.get(resourceType); - if (resourceList == null) { - resourceList = new ArrayList<String>(); - } - resourceList.add(resourceTypeAndName[RESOURCE_NAME]); - resourcesMap.put(resourceType, resourceList); - def.setResources(resourcesMap); - } - } else { - def.setResources(resourcesMap); - } - if (isDebugEnabled) { - LOG.debug("==> PolicyParser parseResources"); - } - } - -} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java b/webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java deleted file mode 100644 index a565f96..0000000 --- a/webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java +++ /dev/null @@ -1,164 +0,0 @@ -/** Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.atlas.authorize; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class PolicyUtil { - - private static Logger LOG = LoggerFactory.getLogger(PolicyUtil.class); - private static boolean isDebugEnabled = LOG.isDebugEnabled(); - private Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap; - private Map<String, Map<AtlasResourceTypes, List<String>>> userWriteMap; - private Map<String, Map<AtlasResourceTypes, List<String>>> userUpdateMap; - private Map<String, Map<AtlasResourceTypes, List<String>>> userDeleteMap; - - private Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap; - private Map<String, Map<AtlasResourceTypes, List<String>>> groupWriteMap; - private Map<String, Map<AtlasResourceTypes, List<String>>> groupUpdateMap; - private Map<String, Map<AtlasResourceTypes, List<String>>> groupDeleteMap; - - /** - * @return the userReadMap - */ - public Map<String, Map<AtlasResourceTypes, List<String>>> getUserReadMap() { - return userReadMap; - } - - /** - * @return the userWriteMap - */ - public Map<String, Map<AtlasResourceTypes, List<String>>> getUserWriteMap() { - return userWriteMap; - } - - /** - * @return the userUpdateMap - */ - public Map<String, Map<AtlasResourceTypes, List<String>>> getUserUpdateMap() { - return userUpdateMap; - } - - /** - * @return the userDeleteMap - */ - public Map<String, Map<AtlasResourceTypes, List<String>>> getUserDeleteMap() { - return userDeleteMap; - } - - /** - * @return the groupReadMap - */ - public Map<String, Map<AtlasResourceTypes, List<String>>> getGroupReadMap() { - return groupReadMap; - } - - /** - * @return the groupWriteMap - */ - public Map<String, Map<AtlasResourceTypes, List<String>>> getGroupWriteMap() { - return groupWriteMap; - } - - /** - * @return the groupUpdateMap - */ - public Map<String, Map<AtlasResourceTypes, List<String>>> getGroupUpdateMap() { - return groupUpdateMap; - } - - /** - * @return the groupDeleteMap - */ - public Map<String, Map<AtlasResourceTypes, List<String>>> getGroupDeleteMap() { - return groupDeleteMap; - } - - public Map<String, Map<AtlasResourceTypes, List<String>>> createPermissionMap(List<PolicyDef> policyDefList, - AtlasActionTypes permissionType, AtlasAccessorTypes principalType) { - if (isDebugEnabled) { - LOG.debug("<== PolicyUtil createPermissionMap"); - LOG.debug("Creating Permission Map for :: " + permissionType + " & " + principalType); - } - Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = - new HashMap<String, Map<AtlasResourceTypes, List<String>>>(); - - // Iterate over the list of policies to create map - for (PolicyDef policyDef : policyDefList) { - LOG.info("Processing policy def : " + policyDef); - Map<String, List<AtlasActionTypes>> principalMap = - principalType.equals(AtlasAccessorTypes.USER) ? policyDef.getUsers() : policyDef.getGroups(); - // For every policy extract the resource list and populate the user map - for (Entry<String, List<AtlasActionTypes>> e : principalMap.entrySet()) { - // Check if the user has passed permission type like READ - if (!e.getValue().contains(permissionType)) { - continue; - } - // See if the current user is already added to map - String username = e.getKey(); - Map<AtlasResourceTypes, List<String>> userResourceList = userReadMap.get(username); - - // If its not added then create a new resource list - if (userResourceList == null) { - if (isDebugEnabled) { - LOG.debug("Resource list not found for " + username + ", creating it"); - } - userResourceList = new HashMap<AtlasResourceTypes, List<String>>(); - } - /* - * Iterate over resources from the current policy def and update the resource list for the current user - */ - for (Entry<AtlasResourceTypes, List<String>> resourceTypeMap : policyDef.getResources().entrySet()) { - // For the current resourceType in the policyDef, get the - // current list of resources already added - AtlasResourceTypes type = resourceTypeMap.getKey(); - List<String> resourceList = userResourceList.get(type); - - if (resourceList == null) { - // if the resource list was not added for this type then - // create and add all the resources in this policy - resourceList = new ArrayList<String>(); - resourceList.addAll(resourceTypeMap.getValue()); - } else { - // if the resource list is present then merge both the - // list - resourceList.removeAll(resourceTypeMap.getValue()); - resourceList.addAll(resourceTypeMap.getValue()); - } - - userResourceList.put(type, resourceList); - } - userReadMap.put(username, userResourceList); - LOG.info("userReadMap=====>>>>>> " + userReadMap); - } - } - if (isDebugEnabled) { - LOG.debug("Returning Map for " + principalType + " :: " + userReadMap); - LOG.debug("==> PolicyUtil createPermissionMap"); - } - return userReadMap; - - } - -} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/SimpleAtlasAuthorizer.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/authorize/SimpleAtlasAuthorizer.java b/webapp/src/main/java/org/apache/atlas/authorize/SimpleAtlasAuthorizer.java deleted file mode 100644 index 2a32e4e..0000000 --- a/webapp/src/main/java/org/apache/atlas/authorize/SimpleAtlasAuthorizer.java +++ /dev/null @@ -1,380 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.atlas.authorize; - -import java.io.IOException; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; - -import org.apache.atlas.ApplicationProperties; -import org.apache.atlas.AtlasException; -import org.apache.atlas.util.FileReaderUtil; -import org.apache.atlas.util.PropertiesUtil; -import org.apache.commons.configuration.Configuration; -import org.apache.commons.io.FilenameUtils; -import org.apache.commons.io.IOCase; -import org.apache.commons.lang.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.google.common.annotations.VisibleForTesting; - -public final class SimpleAtlasAuthorizer implements AtlasAuthorizer { - private static final Logger LOG = LoggerFactory.getLogger(SimpleAtlasAuthorizer.class); - private boolean isDebugEnabled = LOG.isDebugEnabled(); - - private final static String WILDCARD_ASTERISK = "*"; - private final static String WILDCARDS = "*?"; - private boolean optIgnoreCase = false; - - private Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null; - private Map<String, Map<AtlasResourceTypes, List<String>>> userWriteMap = null; - private Map<String, Map<AtlasResourceTypes, List<String>>> userUpdateMap = null; - private Map<String, Map<AtlasResourceTypes, List<String>>> userDeleteMap = null; - private Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null; - private Map<String, Map<AtlasResourceTypes, List<String>>> groupWriteMap = null; - private Map<String, Map<AtlasResourceTypes, List<String>>> groupUpdateMap = null; - private Map<String, Map<AtlasResourceTypes, List<String>>> groupDeleteMap = null; - private static AtlasAuthorizer defaultAuthorizer = new SimpleAtlasAuthorizer(); - - private SimpleAtlasAuthorizer() { - } - - public static AtlasAuthorizer getInstance() { - return defaultAuthorizer; - } - - @Override - public void init() { - if (isDebugEnabled) { - LOG.debug("<== SimpleAtlasAuthorizer init"); - } - try { - - PolicyUtil util = new PolicyUtil(); - PolicyParser parser = new PolicyParser(); - optIgnoreCase = Boolean.valueOf(PropertiesUtil.getProperty("optIgnoreCase", "false")); - - if (isDebugEnabled) { - LOG.debug("Read from PropertiesUtil --> optIgnoreCase :: " + optIgnoreCase); - } - - Configuration configuration = ApplicationProperties.get(); - String policyStorePath = configuration.getString("atlas.auth.policy.file"); - - if (isDebugEnabled) { - LOG.debug("Loading Apache Atlas policies from : " + policyStorePath); - } - - List<String> policies = FileReaderUtil.readFile(policyStorePath); - List<PolicyDef> policyDef = parser.parsePolicies(policies); - - userReadMap = util.createPermissionMap(policyDef, AtlasActionTypes.READ, AtlasAccessorTypes.USER); - userWriteMap = util.createPermissionMap(policyDef, AtlasActionTypes.WRITE, AtlasAccessorTypes.USER); - userUpdateMap = util.createPermissionMap(policyDef, AtlasActionTypes.UPDATE, AtlasAccessorTypes.USER); - userDeleteMap = util.createPermissionMap(policyDef, AtlasActionTypes.DELETE, AtlasAccessorTypes.USER); - - groupReadMap = util.createPermissionMap(policyDef, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP); - groupWriteMap = util.createPermissionMap(policyDef, AtlasActionTypes.WRITE, AtlasAccessorTypes.GROUP); - groupUpdateMap = util.createPermissionMap(policyDef, AtlasActionTypes.UPDATE, AtlasAccessorTypes.GROUP); - groupDeleteMap = util.createPermissionMap(policyDef, AtlasActionTypes.DELETE, AtlasAccessorTypes.GROUP); - - if (isDebugEnabled) { - LOG.debug("\n\nUserReadMap :: " + userReadMap + "\nGroupReadMap :: " + groupReadMap); - LOG.debug("\n\nUserWriteMap :: " + userWriteMap + "\nGroupWriteMap :: " + groupWriteMap); - LOG.debug("\n\nUserUpdateMap :: " + userUpdateMap + "\nGroupUpdateMap :: " + groupUpdateMap); - LOG.debug("\n\nUserDeleteMap :: " + userDeleteMap + "\nGroupDeleteMap :: " + groupDeleteMap); - } - - } catch (IOException | AtlasException e) { - if (LOG.isErrorEnabled()) { - LOG.error("SimpleAtlasAuthorizer could not be initialized properly due to : ", e); - } - } - } - - @Override - public boolean isAccessAllowed(AtlasAccessRequest request) throws AtlasAuthorizationException { - if (isDebugEnabled) { - LOG.debug("<== SimpleAtlasAuthorizer isAccessAllowed"); - LOG.debug("isAccessAllowd(" + request + ")"); - } - String user = request.getUser(); - List<String> groups = request.getUserGroups(); - AtlasActionTypes action = request.getAction(); - String resource = request.getResource(); - List<AtlasResourceTypes> resourceTypes = request.getResourceTypes(); - if (isDebugEnabled) - LOG.debug("Checking for :: \nUser :: " + user + "\nGroups :: " + groups + "\nAction :: " + action - + "\nResource :: " + resource); - - boolean isAccessAllowed = false; - boolean isUser = user == null ? false : true; - boolean isGroup = groups == null ? false : true; - - if ((!isUser && !isGroup) || action == null || resource == null) { - if (isDebugEnabled) { - LOG.debug("Please check the formation AtlasAccessRequest."); - } - return isAccessAllowed; - } else { - if (isDebugEnabled) { - LOG.debug("checkAccess for Operation :: " + action + " on Resource " + resourceTypes + ":" + resource); - } - switch (action) { - case READ: - isAccessAllowed = checkAccess(user, resourceTypes, resource, userReadMap); - isAccessAllowed = - isAccessAllowed == false ? checkAccessForGroups(groups, resourceTypes, resource, groupReadMap) - : isAccessAllowed; - break; - case WRITE: - isAccessAllowed = checkAccess(user, resourceTypes, resource, userWriteMap); - isAccessAllowed = - isAccessAllowed == false ? checkAccessForGroups(groups, resourceTypes, resource, groupWriteMap) - : isAccessAllowed; - break; - case UPDATE: - isAccessAllowed = checkAccess(user, resourceTypes, resource, userUpdateMap); - isAccessAllowed = - isAccessAllowed == false - ? checkAccessForGroups(groups, resourceTypes, resource, groupUpdateMap) : isAccessAllowed; - break; - case DELETE: - isAccessAllowed = checkAccess(user, resourceTypes, resource, userDeleteMap); - isAccessAllowed = - isAccessAllowed == false - ? checkAccessForGroups(groups, resourceTypes, resource, groupDeleteMap) : isAccessAllowed; - break; - default: - if (isDebugEnabled) { - LOG.debug("Invalid Action " + action); - LOG.debug("Raising an exception!!!"); - } - throw new AtlasAuthorizationException("Invalid Exception :: " + action); - } - } - - if (isDebugEnabled) { - LOG.debug("==> +SimpleAtlasAuthorizer isAccessAllowed = " + isAccessAllowed); - } - - return isAccessAllowed; - } - - private boolean checkAccess(String accessor, List<AtlasResourceTypes> resourceTypes, String resource, - Map<String, Map<AtlasResourceTypes, List<String>>> map) { - if (isDebugEnabled) { - LOG.debug("<== SimpleAtlasAuthorizer checkAccess"); - LOG.debug("Now checking access for accessor : " + accessor + "\nResource Types : " + resourceTypes - + "\nResource : " + resource + "\nMap : " + map); - } - boolean result = true; - Map<AtlasResourceTypes, List<String>> rescMap = map.get(accessor); - if (rescMap != null) { - for (AtlasResourceTypes resourceType : resourceTypes) { - List<String> accessList = rescMap.get(resourceType); - if (isDebugEnabled) { - LOG.debug("\nChecking for resource : " + resource + " in list : " + accessList + "\n"); - } - if (accessList != null) { - result = result && isMatch(resource, accessList); - } else { - result = false; - } - } - } else { - result = false; - if (isDebugEnabled) - LOG.debug("Key " + accessor + " missing. Returning with result : " + result); - } - - if (isDebugEnabled) { - LOG.debug("Check for " + accessor + " :: " + result); - LOG.debug("==> SimpleAtlasAuthorizer checkAccess"); - } - return result; - } - - private boolean checkAccessForGroups(List<String> groups, List<AtlasResourceTypes> resourceType, String resource, - Map<String, Map<AtlasResourceTypes, List<String>>> map) { - boolean isAccessAllowed = false; - if (isDebugEnabled) { - LOG.debug("<== SimpleAtlasAuthorizer checkAccessForGroups"); - } - - for (String group : groups) { - isAccessAllowed = checkAccess(group, resourceType, resource, map); - if (isAccessAllowed) { - break; - } - } - - if (isDebugEnabled) { - LOG.debug("==> SimpleAtlasAuthorizer checkAccessForGroups"); - } - return isAccessAllowed; - } - - private boolean resourceMatchHelper(List<String> policyResource) { - boolean isMatchAny = false; - if (isDebugEnabled) { - LOG.debug("<== SimpleAtlasAuthorizer resourceMatchHelper"); - } - - boolean optWildCard = true; - - List<String> policyValues = new ArrayList<String>(); - - if (policyResource != null) { - boolean isWildCardPresent = !optWildCard; - for (String policyValue : policyResource) { - if (StringUtils.isEmpty(policyValue)) { - continue; - } - if (StringUtils.containsOnly(policyValue, WILDCARD_ASTERISK)) { - isMatchAny = true; - } else if (!isWildCardPresent && StringUtils.containsAny(policyValue, WILDCARDS)) { - isWildCardPresent = true; - } - policyValues.add(policyValue); - } - optWildCard = optWildCard && isWildCardPresent; - } else { - isMatchAny = false; - } - - if (isDebugEnabled) { - LOG.debug("==> SimpleAtlasAuthorizer resourceMatchHelper"); - } - return isMatchAny; - } - - private boolean isMatch(String resource, List<String> policyValues) { - if (isDebugEnabled) { - LOG.debug("<== SimpleAtlasAuthorizer isMatch"); - } - boolean isMatchAny = resourceMatchHelper(policyValues); - boolean isMatch = false; - boolean allValuesRequested = isAllValuesRequested(resource); - - if (allValuesRequested || isMatchAny) { - isMatch = isMatchAny; - } else { - for (String policyValue : policyValues) { - if (policyValue.contains("*")) { - isMatch = - optIgnoreCase ? FilenameUtils.wildcardMatch(resource, policyValue, IOCase.INSENSITIVE) - : FilenameUtils.wildcardMatch(resource, policyValue, IOCase.SENSITIVE); - } else { - isMatch = - optIgnoreCase ? StringUtils.equalsIgnoreCase(resource, policyValue) : StringUtils.equals( - resource, policyValue); - } - if (isMatch) { - break; - } - } - } - - if (isMatch == false) { - - if (isDebugEnabled) { - StringBuilder sb = new StringBuilder(); - sb.append("["); - for (String policyValue : policyValues) { - sb.append(policyValue); - sb.append(" "); - } - sb.append("]"); - - LOG.debug("AtlasDefaultResourceMatcher.isMatch returns FALSE, (resource=" + resource - + ", policyValues=" + sb.toString() + ")"); - } - - } - - if (isDebugEnabled) { - LOG.debug("==> SimpleAtlasAuthorizer isMatch(" + resource + "): " + isMatch); - } - - return isMatch; - } - - private boolean isAllValuesRequested(String resource) { - boolean result = StringUtils.isEmpty(resource) || WILDCARD_ASTERISK.equals(resource); - return result; - } - - @Override - public void cleanUp() { - if (isDebugEnabled) { - LOG.debug("<== +SimpleAtlasAuthorizer cleanUp"); - } - userReadMap = null; - userWriteMap = null; - userUpdateMap = null; - userDeleteMap = null; - groupReadMap = null; - groupWriteMap = null; - groupUpdateMap = null; - groupDeleteMap = null; - if (isDebugEnabled) { - LOG.debug("==> +SimpleAtlasAuthorizer cleanUp"); - } - } - - /* - * NOTE :: This method is added for setting the maps for testing purpose. - */ - @VisibleForTesting - public void setResourcesForTesting(Map<String, Map<AtlasResourceTypes, List<String>>> userMap, - Map<String, Map<AtlasResourceTypes, List<String>>> groupMap, AtlasActionTypes actionTypes) { - - switch (actionTypes) { - case READ: - this.userReadMap = userMap; - this.groupReadMap = groupMap; - break; - - case WRITE: - - this.userWriteMap = userMap; - this.groupWriteMap = groupMap; - break; - case UPDATE: - - this.userUpdateMap = userMap; - this.groupUpdateMap = groupMap; - break; - case DELETE: - - this.userDeleteMap = userMap; - this.groupDeleteMap = groupMap; - break; - - default: - if (isDebugEnabled) { - LOG.debug("No such action available"); - } - break; - } - } -} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java b/webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java deleted file mode 100644 index 22eaff9..0000000 --- a/webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java +++ /dev/null @@ -1,56 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.atlas.util; - -import java.io.BufferedReader; -import java.io.FileReader; -import java.io.IOException; -import java.util.ArrayList; -import java.util.List; -import java.util.regex.Pattern; - -import org.apache.log4j.Logger; - -public class FileReaderUtil { - private static Logger LOG = Logger.getLogger(FileReaderUtil.class); - private static boolean isDebugEnabled = LOG.isDebugEnabled(); - - public static List<String> readFile(String path) throws IOException { - if (isDebugEnabled) { - LOG.debug("<== FileReaderUtil readFile"); - } - LOG.info("reading the file" + path); - BufferedReader br = new BufferedReader(new FileReader(path)); - List<String> list = new ArrayList<String>(); - String line = null; - while ((line = br.readLine()) != null) { - if ((!line.startsWith("##")) && Pattern.matches(".+;;.*;;.*;;.+", line)) - list.add(line); - } - - if (isDebugEnabled) { - LOG.debug("==> FileReaderUtil readFile"); - LOG.debug("Policies read :: " + list); - } - if (br != null) { - br.close(); - } - return list; - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/util/PropertiesUtil.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/util/PropertiesUtil.java b/webapp/src/main/java/org/apache/atlas/util/PropertiesUtil.java deleted file mode 100644 index fef8efb..0000000 --- a/webapp/src/main/java/org/apache/atlas/util/PropertiesUtil.java +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - -package org.apache.atlas.util; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Properties; -import java.util.Set; - -import org.apache.log4j.Logger; -import org.springframework.beans.BeansException; -import org.springframework.beans.factory.config.ConfigurableListableBeanFactory; -import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer; - -public class PropertiesUtil extends PropertyPlaceholderConfigurer { - private static Map<String, String> propertiesMap = new HashMap<String, String>(); - private static Logger logger = Logger.getLogger(PropertiesUtil.class); - protected List<String> xmlPropertyConfigurer = new ArrayList<String>(); - - private PropertiesUtil() { - - } - - @Override - protected void processProperties(ConfigurableListableBeanFactory beanFactory, Properties props) - throws BeansException { - - Properties sysProps = System.getProperties(); - if (sysProps != null) { - for (String key : sysProps.stringPropertyNames()) { - String value = sysProps.getProperty(key); - if (value != null) { - value = value.trim(); - } - propertiesMap.put(key, value); - } - } - - Set<Object> keySet = props.keySet(); - for (Object key : keySet) { - String keyStr = key.toString(); - propertiesMap.put(keyStr, props.getProperty(keyStr).trim()); - } - - super.processProperties(beanFactory, props); - } - - public static String getProperty(String key, String defaultValue) { - if (key == null) { - return null; - } - String rtrnVal = propertiesMap.get(key); - if (rtrnVal == null) { - rtrnVal = defaultValue; - } - return rtrnVal; - } - - public static String getProperty(String key) { - if (key == null) { - return null; - } - return propertiesMap.get(key); - } - - public static String[] getPropertyStringList(String key) { - if (key == null) { - return null; - } - String value = propertiesMap.get(key); - if (value != null) { - String[] splitValues = value.split(","); - String[] returnValues = new String[splitValues.length]; - for (int i = 0; i < splitValues.length; i++) { - returnValues[i] = splitValues[i].trim(); - } - return returnValues; - } else { - return new String[0]; - } - } - - public static Integer getIntProperty(String key, int defaultValue) { - if (key == null) { - return null; - } - String rtrnVal = propertiesMap.get(key); - if (rtrnVal == null) { - return defaultValue; - } - return Integer.valueOf(rtrnVal); - } - - public static Integer getIntProperty(String key) { - if (key == null) { - return null; - } - String rtrnVal = propertiesMap.get(key); - if (rtrnVal == null) { - return null; - } - return Integer.valueOf(rtrnVal); - } - - public static boolean getBooleanProperty(String key, boolean defaultValue) { - if (key == null) { - return defaultValue; - } - String value = getProperty(key); - if (value == null) { - return defaultValue; - } - return Boolean.parseBoolean(value); - } -} \ No newline at end of file
